Stochastic identification of malware with dynamic traces

From MaRDI portal
Publication:2453653

DOI: 10.1214/13-AOAS703
zbMATH Open: 1429.62713
arXiv: 1404.2462
OpenAlex: W2032921253
MaRDI QID: Q2453653
FDO: Q2453653


Authors: Curtis B. Storlie, Blake Anderson, Scott Vander Wiel, Daniel Quist, Curtis Hash, Nathan Brown


Publication date: 10 June 2014

Published in: The Annals of Applied Statistics

Abstract: A novel approach to malware classification is introduced based on analysis of instruction traces that are collected dynamically from the program in question. The method has been implemented online in a sandbox environment (i.e., a security mechanism for separating running programs) at Los Alamos National Laboratory, and is intended for eventual host-based use, provided the issue of sampling the instructions executed by a given process without disruption to the user can be satisfactorily addressed. The procedure represents an instruction trace with a Markov chain structure in which the transition matrix, $\mathbf{P}$, has rows modeled as Dirichlet vectors. The malware class (malicious or benign) is modeled using a flexible spline logistic regression model with variable selection on the elements of $\mathbf{P}$, which are observed with error. The utility of the method is illustrated on a sample of traces from malware and nonmalware programs, and the results are compared to other leading detection schemes (both signature and classification based). This article also has supplementary materials available online.
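The Markov-chain representation the abstract describes, worked through on constructed input as an added example (this is not the paper's code or the Los Alamos implementation): each trace is reduced to a transition matrix $\mathbf{P}$ whose rows are Dirichlet posterior means, and the flattened elements of $\mathbf{P}$ are the features the paper's regression selects over. The instruction vocabulary `STATES`, the two sample traces, the prior strength `alpha` and the closing likelihood-ratio classifier are all assumptions made here; the classifier in particular is a simple stand-in for the paper's spline logistic regression, included only to show how the elements of $\mathbf{P}$ separate the two classes.

```python
"""Markov-chain features from a dynamic instruction trace.

Added example, not code from the paper: a trace becomes a transition matrix P
whose rows are Dirichlet posterior means. The likelihood-ratio classifier at
the end is a stand-in for the paper's spline logistic regression on the
elements of P.
"""
from math import log

# Assumed, fixed, ordered state space so every trace yields a P of the same shape.
STATES = ["call", "jmp", "mov", "pop", "push", "ret", "xor"]

# Constructed sample traces (instruction mnemonics as a sandbox might log them).
BENIGN_TRACE = ["push", "mov", "mov", "call", "pop", "ret",
                "push", "mov", "call", "pop", "ret"]
MALWARE_TRACE = ["xor", "xor", "mov", "jmp", "xor", "mov", "jmp",
                 "xor", "call", "jmp", "ret"]


def transition_counts(trace, states=STATES):
    """Count n_ij = number of times instruction i is immediately followed by j."""
    counts = {i: {j: 0 for j in states} for i in states}
    for cur, nxt in zip(trace, trace[1:]):
        if cur not in counts or nxt not in counts:
            raise ValueError(f"instruction outside state space: {cur!r}->{nxt!r}")
        counts[cur][nxt] += 1
    return counts


def transition_matrix(trace, states=STATES, alpha=1.0):
    """Estimate P with each row a Dirichlet(alpha, ..., alpha) posterior mean:
    p_ij = (n_ij + alpha) / (n_i + K * alpha), K = len(states).
    The prior keeps unseen transitions strictly positive, so the row of an
    instruction never observed in the trace is simply uniform (1/K each)."""
    counts = transition_counts(trace, states)
    k = len(states)
    P = {}
    for i in states:
        row_total = sum(counts[i].values())
        P[i] = {j: (counts[i][j] + alpha) / (row_total + k * alpha) for j in states}
    return P


def feature_vector(P, states=STATES):
    """Flatten P row-major into the K*K vector a classifier selects variables from."""
    return [P[i][j] for i in states for j in states]


def log_likelihood(trace, P):
    """Log-probability of the observed transitions under chain P."""
    return sum(log(P[cur][nxt]) for cur, nxt in zip(trace, trace[1:]))


def classify(trace, P_benign, P_malware):
    """Stand-in classifier (assumed here, not the paper's): pick the chain that
    explains the trace better, with equal class priors. Returns (label, llr)."""
    llr = log_likelihood(trace, P_malware) - log_likelihood(trace, P_benign)
    return ("malware" if llr > 0 else "benign"), llr


if __name__ == "__main__":
    P_b = transition_matrix(BENIGN_TRACE)
    P_m = transition_matrix(MALWARE_TRACE)
    print("feature dimension:", len(feature_vector(P_b)))
    # Held-out constructed trace sharing the malware sample's xor/jmp habit.
    probe = ["xor", "mov", "jmp", "xor", "mov", "jmp"]
    print(classify(probe, P_b, P_m))
```

With `alpha=1` and seven states, a transition seen twice out of two departures from an instruction gets probability 3/9, not 1; that smoothing is what lets a trace be scored under a chain trained on programs that never executed some of its instructions. Real traces need a much larger state space (or instruction categories) and far longer sequences than the toy input here.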


Full work available at URL: https://arxiv.org/abs/1404.2462




Cited In (6)
